Error: [Errno 22] Signing the new certificate failed

Hi
Renewal of the Let's Encrypt certificate failed.
yunohost:
  repo: local
  version: 2.7.13.1
yunohost-admin:
  repo: testing
  version: 2.7.13
moulinette:
  repo: stable
  version: 2.7.12
ssowat:
  repo: stable
  version: 2.7.12

Applying pending configuration for service 'dnsmasq'...
The configuration file '/etc/resolv.dnsmasq.conf' has been backed up to '/home/yunohost.conf/backup/etc/resolv.dnsmasq.conf-XXXXXXXXXXX'
The configuration file '/etc/resolv.dnsmasq.conf' has been updated
Success! The configuration has been updated for service 'dnsmasq'
Executing script '/usr/share/yunohost/hooks/conf_regen/43-dnsmasq'...
+ set -e
+ FORCE=0
+ DRY_RUN=0
+ case "$1" in
+ do_post_regen /etc/resolv.dnsmasq.conf
+ regen_conf_files=/etc/resolv.dnsmasq.conf
+ [[ -z /etc/resolv.dnsmasq.conf ]]
+ sudo service dnsmasq restart
+ exit 0
Prepare key and certificate signing request (CSR) for domain.tld...
Saving to /tmp/acme-challenge-private/domain.tld.csr.
Now using ACME Tiny to sign the certificate...
Parsing account key...
Parsing CSR...
Found domains: domain.tld
Getting directory...
Directory found!
Registering account...
Error: 'newAccount'
Error: Certificate renewing for domain.tld failed !
Error: Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/certificate.py", line 381, in certificate_renew
    _fetch_and_enable_new_certificate(domain, staging)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 573, in _fetch_and_enable_new_certificate
    'certmanager_cert_signing_failed'))
MoulinetteError: [Errno 22] Signing the new certificate failed

Error: [Errno 22] Signing the new certificate failed

Weeeeell :confused:

Are you using --no-checks here? (I guess not if that’s the default cron job)

Is your server correctly accessible on port 80 via the domain name?

Are you able to reproduce the issue?

I have tried with --no-checks too.
How can I check whether it is accessible on port 80?

Just by trying to access your server over HTTP from your browser.

But trying to access my domain over HTTP takes me to HTTPS by default, which works normally, as it should.

Did you see this? It's trying to create a new account; is that normal?

The error has changed by itself, I don’t know how.

Error: Wrote file to /tmp/acme-challenge-public/QZRZbdSTnTkl0lf6W-ig6OoZhxt6a5hOG-KFaITwDEM, but couldn't download http://domain.tld/.well-known/acme-challenge/QZRZbdSTnTkl0lf6W-ig6OoZhxt6a5hOG-KFaITwDEM
Warning: Debug information:
 - domain ip from DNS        xxx.xxx.x.xxx
 - domain ip from local DNS  xxx.xxx.x.xxx
 - public ip of the server   xxx.xxx.x.xxx

edited: There was some conflict with the .well-known location in the nginx configuration. Rectifying it solved the issue.

Hi Kanhu! I get the same error. The --no-checks option results in two warnings with debug information, which show different values for “domain ip from DNS”.

  • May I ask, how did you solve the “conflict with the .well-known location in the nginx configuration”?

@jmendoza
Hello
You should have the domain IP matching your YunoHost server. My domain IP (shown as XX.XX.XX.XX for privacy) was matching the YunoHost server IP. If they are not matching, you have to configure your DNS first.

Now, if the IP is matching and there is an error, you should look at the app.conf files under /etc/nginx/conf.d/domain.tld.d/app.conf, look for .well-known locations and comment them out for the sake of renewing the certificate.

After that, restart nginx: service nginx restart, and then run yunohost domain cert-renew domain.tld
You can uncomment the .well-known lines from the app.conf and restart nginx again.
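
The check described in the post above, as an added example that is not part of the original thread: a shell function that lists every active (uncommented) location directive mentioning .well-known in the per-domain nginx snippets, so you can see which ones to review before renewing. The function name is hypothetical; the directory layout is the one given in the post.

```shell
#!/bin/sh
# Added example (not from the thread): find nginx location directives that
# mention .well-known and may intercept the ACME HTTP challenge path.
# Assumption: per-app snippets are *.conf files in /etc/nginx/conf.d/<domain>.d/

# find_wellknown_locations DIR
# Prints "file:line:directive" for each uncommented location directive whose
# pattern contains ".well-known". Returns 2 if DIR does not exist.
find_wellknown_locations() {
    conf_dir=$1
    if [ ! -d "$conf_dir" ]; then
        echo "no such directory: $conf_dir" >&2
        return 2
    fi
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                 # already commented out
            /^[ \t]*location[ \t].*\.well-known/ {
                sub(/^[ \t]+/, "")              # trim indentation for display
                print file ":" NR ":" $0
            }' "$f"
    done
    return 0
}

# Stand-alone use: sh script.sh /etc/nginx/conf.d/domain.tld.d
if [ "$#" -gt 0 ]; then
    find_wellknown_locations "$1"
fi
```

After editing the listed files, `nginx -t` validates the configuration before the restart.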

Thanks a lot for the explanation Kanhu, very clear. I have followed your recommendations, but still no luck. Perhaps the root of the problem is that my ISP blocks ports, as I explain here (I don’t want to raise my issue in two different threads, to respect you and the community ;-). I will continue trying, thanks for your response anyway!